Power6 High-End System Firmware

06/25/14

• Support was dropped for Secured Socket Layer (SSL) Version 2 and SSL weak and medium cipher suites in the service processor web server (Ligthttpd).  Unsupported web browser connections to the Advanced System Management Interface (ASMI) secured port 443 (using https://) will now be rejected if those browsers do not support SSL version 3.  Supported web browsers for Power6 ASMI are Netscape (version 9.0.0.4), Microsoft Internet Explorer (version 7.0), Mozilla Firefox (version 2.0.0.11), and Opera (version 9.24).
  

• HIPER/Pervasive:  A  security problem was fixed in the OpenSSL Montgomery ladder implementation for the ECDSA (Elliptic Curve Digital Signature Algorithm) to protect sensitive information from being obtained with a flush and reload cache side-channel attack to recover ECDSA nonces from the service processor.  The Common Vulnerabilities and Exposures issue number is CVE-2014-0076.  The stolen ECDSA nonces could be used to decrypt the SSL sessions and compromise the Hardware Management Console (HMC) access password to the service processor.  Therefore, the HMC access password for the CEC should be changed after applying this fix.
• HIPER/Pervasive:  A  security problem was fixed in the OpenSSL Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) to not allow Heartbeat Extension packets to trigger a buffer over-read to steal private keys for the encrypted sessions on the service processor.  The Common Vulnerabilities and Exposures issue number is CVE-2014-0160 and it is also known as the heartbleed vulnerability.  The stolen private keys could be used to decrypt the SSL sessions and and compromise the Hardware Management Console (HMC) access password to the service processor.  Therefore, the HMC access password for the CEC should be changed after applying this fix.
• HIPER/Pervasive:  A security problem was fixed in the OpenSSL (Secure Socket Layer) protocol that allowed clients and servers, via a specially crafted handshake packet, to use weak keying material for communication.  A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between the management console and the service processor.  The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-0224.
• HIPER/Pervasive:  A security problem was fixed in OpenSSL for a buffer overflow in the Datagram Transport Layer Security (DTLS) when handling invalid DTLS packet fragments.  This could be used to execute arbitrary code on the service processor.  The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-0195.
• HIPER/Pervasive:  Multiple security problems were fixed in the way that OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled to prevent denial of service.  These could cause the service processor to reset or unexpectedly drop connections to the management console when processing certain SSL commands.  The Common Vulnerabilities and Exposures issue numbers for these problems are CVE-2010-5298 and CVE-2014-0198.
• HIPER/Pervasive:  A security problem was fixed in OpenSSL to prevent a denial of service when handling certain Datagram Transport Layer Security (DTLS) ServerHello requests. A specially crafted DTLS handshake packet could cause the service processor to reset.  The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-0221.
• HIPER/Pervasive:  A security problem was fixed in OpenSSL to prevent a denial of service by using an exploit of a null pointer de-reference during anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange.  A specially crafted handshake packet could cause the service processor to reset.  The Common Vulnerabilities and Exposures issue number for this problem is CVE-2014-3470.
  
•  A problem was fixed that caused the system information LED to be lit without a corresponding SRC and error log for the event.  This problem typically occurs when an operating system on a partition terminates abnormally.
• A security problem was fixed in the service processor Lighttpd web server that allowed denial of service vulnerabilities for the Advanced System Manager Interface (ASMI).  The Common Vulnerabilities and Exposures issue numbers for this problem are CVE-2011-4362 and CVE-2012-5533.
• A problem was fixed on the service processor where the Small-Footprint CIM Broker Daemon (SFCBD) process was accessing a null pointer and failing with a core dump, triggering a FSP dump to collect the core.
• A problem was fixed that caused a security scan of the Advanced System Manager Interface (ASMI) to fail.  The Lighttpd web server configuration cipher list was updated to improve the security.
• A security problem in the Secure Socket Layer (SSL) protocol on the service processor was fixed to prevent a man-in-the-middle attack.  The Common Vulnerabilities and Exposures issue number is CVE-2011-3389.
• A  security problem was fixed for the Lighttpd web server that allowed arbitrary SQL commands to be run on the service processor of the CEC.  The Common Vulnerabilities and Exposures issue number is CVE-2014-2323.
• A security problem was fixed for the Lighttpd web server where improperly-structured URLs could be used to view arbitrary files on the service processor of the CEC.  The Common Vulnerabilities and Exposures issue number is CVE-2014-2324..
  
• A problem was fixed that caused a "code accept" during a concurrent firmware installation from the HMC to fail with SRC E302F85C.
• A  security problem was fixed in the service processor TCP/IP stack to discard illegal TCP/IP packets that have the SYN and FIN flags set at the same time.  An explicit packet discard was needed to prevent further processing of the packet that could result in an bypass of the iptables firewall rules.
  

• On systems using dynamic Distributed Host Control Protocol (DHCP) IP addresses, a problem was fixed that caused communication hangs when DHCP client processes were unable to renew their IP addresses.  The iptable rules needed to be updated to open DHCP ports 67 and 68 to prevent the DHCP network traffic from being filtered by the service processor.
• On a system with partitions with redundant Virtual Asynchronous Services Interface (VASI) streams, a problem was fixed that caused the system to terminate with SRC B170E540.  The affected partitions include Active Memory Sharing (AMS), encapsulated state partitions, and hibernation-capable partitions.  The problem is triggered when the management console attempts to change the active VASI stream in a redundant configuration.  This may occur due to a stream reconfiguration caused by Live Partition Mobility (LPM); reconfiguring from a redundant Paging Service Partition (PSP) to a single-PSP configuration; or conversion of a partition from AMS to dedicated memory.
• On systems involved in a series of consecutive Live Partition Mobility (LPM) operations, a memory leak problem was fixed in the run time abstraction service (RTAS) that caused a partition run time AIX crash with SRC 0c20.  Other possible symptoms include error logs with SRC BA330002 (RTAS memory allocation failure).
•  On a system with a disk device with multiple boot partitions, a problem was fixed that caused System Management Services (SMS) to list only one boot partition.  Even though only one boot partition was listed in SMS, the AIX bootlist command could still be used to boot from any boot partition.
• For a partition with a 256MB Real Memory Offset (RMO) region size that has been migrated from a Power8 system to  Power7 or Power6 using Live Partition Mobility, a problem was fixed that caused a failure on the next boot of the partition with a BA210000 log with a CA000091 checkpoint just prior to the BA210000.  The fix dynamically adjusts the memory footprint of the partition to fit on the earlier Power systems.

07/25/13

• A problem was fixed that caused the managed system to go to the incomplete state on the management console after a partition was deleted.
• A problem was fixed that caused an error log generated by the partition firmware to show conflicting firmware levels.  This problem occurs after a firmware update or a logical partition migration (LPM) operation on the system.
• The firmware was enhanced to display on the management console the correct number of concurrent live partition mobility (LPM) operations that is supported.
• A problem was fixed that caused the state of the Host Ethernet Adapter (HEA) port of be reported as down when the physical port is actually up.
• A problem was fixed that caused the partition target of a logical partition migration (LPM) to have its UTC time shifted forward from the actual time on the source partition.
• A problem was fixed that that caused a HMC code update failure for the FSP on the accept operation with SRC B1811402 or FSP is unable to boot on the updated side.
  

• On a partition with a large number of potentially bootable devices, a problem was fixed that caused the partition to fail to boot with a default catch, and SRC BA210000 may also be logged.
• On systems running AIX or Linux, a problem was fixed that caused the operating system to halt when an InfiniBand Host Channel Adapter (HCA) adapter fails or malfunctions.
• On systems running Active Memory Sharing (AMS) partitions, a timing problem was fixed that may occur if the system is undergoing AMS pool size changes.
• A problem was fixed that caused a migrated partition to reboot during transfer to a VIOS 2.2.2.0, and later, target system. A manual reboot would be required if transferred to a target system running an earlier VIOS release. Migration recovery may also be necessary.
  

01/09/13

• A problem was fixed that caused the hypervisor to be left in an inconsistent state after a partition create operation failed.
• A problem was fixed that caused the hypervisor to become unresponsive and the managed system to go the incomplete state on the management console.
• A problem was fixed that caused the service processor to fail to boot after a concurrent firmware update; this causes a system crash.
  

• A problem was fixed that prevented the HMC command "lshwres" from showing any I/O adapters if any adapter name contained the ampersand character in the VPD.
• The Power Hypervisor was enhanced to insure better synchronization of vSCSI and NPIV I/O interrupts to partitions.
• On systems running AIX or Linux, a problem was fixed that caused a partition to fail to boot with SRC CA260203.  This problem also can cause concurrent firmware updates to fail.

07/27/12

• Support for live partition mobility between systems running Ex350 system firmware, and 8246-L2S systems.
  

• On systems booting from an NPIV (N-port ID virtualization) device, a problem was fixed that caused the boot to intermittently terminate with the message "PReP-BOOT: unable to load full PReP image.".  This problem occurs more frequently on the IBM V7000 Storage System running the SAN Volume Controller (SVC), but not on every boot.
• On systems on which Internet Explorer (IE) is used to access the Advanced System Management Interface (ASMI) on the Hardware Management Console (HMC), a problem was fixed that caused IE to hang for about 10 minutes after saving changes to network parameters on the ASMI.
• On systems running the AIX operating system, a problem was fixed that caused the hypervisor to crash with SRC B7000103, after an HEA (Host Ethernet Adapter) error was logged, when there is a lot of AIX activity on the HEAs.
  

05/02/12

• The firmware was enhanced to log SRCs BA180030 and BA180031 as informational instead of predictive.
• The firmware was enhanced to increase the threshold of soft NVRAM errors on the service processor to 32 before SRC B15xF109 is logged.  (Replacement of the service processor is recommended if more than one B15xF109 is logged per week.)
  

• HIPER/Pervasive:  On systems with PCI adapters in a feature code (F/C) F/C 5803 or 5873 I/O drawer assigned to a Virtual I/O Server (VIOS), and on systems with the I/O adapters in a CEC drawer assigned to a VIOS, a problem was fixed that caused the system to crash with SRC B700F103.
• A problem was fixed that caused the hypervisor to hang during a concurrent operation on a F/C 5802, 5803, 5873 or 5877 I/O drawer.  Recovering from the hypervisor hang required a platform reboot.
  
• On system performing Live Partition Mobility (LPM), a problem was fixed that caused a partition to crash if the following sequence of operations is performed:
  
   1.  The partition is configured with, and is using, more than 1 dedicated processor.
   2.  The partition is migrated using LPM from a POWER6 to a POWER7 platform.
   3.  At any time following the migration from POWER6 to POWER7, one or more of the dedicated processors is removed from the partition using a Dynamic Logical Partitioning (DLPAR) operation.
  
  Once these 3 steps operations have been done, a partition crash is likely if either:
   - The partition is subsequently migrated to any other platform (POWER6 or POWER7) using LPM,  or
   - The partition is resumed from hibernation.

• A problem was fixed that caused the output of the AIX command "uname -m" to be incorrect on the POWER7 system after a successful Live Partition Migration (LPM) operation from a POWER6 to a POWER7 system.
• A problem was fixed that caused booting from a virtual fibre channel tape device to fail with SRC B2008105.
  

11/09/11

• A problem was fixed that caused the system to terminate when rebooting after the power was removed, then reapplied.
• A problem was fixed that caused the message "IPL: 500 - Internal Server Error" to be displayed when the Hardware Management Console option was selected (which is under the System Information option) on the Advanced System Management Interface (ASMI).
• On systems running more than 100 logical partitions, a problem was fixed that caused a concurrent firmware installation to fail.
  
• A problem was fixed that caused a system's partition dates to revert back to 1969 after the service processor or its battery was replaced.  This occurred regardless of whether or not the service processor's time-of-day (TOD) clock was correctly set during the service action. 
  
• A problem was fixed that caused a partition migration operation to abort when the partition has more than 4096 virtual slots.
• A problem was fixed that caused the message "500 - Internal Server Error." to be displayed when a setting was changed on the Advanced System Management Interface's (ASMI's) power on/off menu, when the change was attempted when the system was powering down.
• A problem was fixed that caused booting or installing a partition or system from a USB device to fail with error code BA210012.  This usually occurs when an operating system (OS) other than the OS that is already on the partition or system is being booted or installed.
• On the System Management Services (SMS) remote IPL (RIPL) menus, a problem was fixed that caused the SMS menu to continue to show that an Ethernet device is configured for iSCSI, even though the user has changed it to BOOTP.
• A problem was fixed that caused a firmware installation from the HMC with the "do not auto accept" option selected to fail.
• A problem was fixed that caused the bulk power controller (BPC) to erroneously log SRCs B181843C and B181EF88, and a PWR dump to be generated.
  

• HIPER / Non-Pervasive: On systems running Active Memory Sharing (AMS) with a F/C 5803 or 5873 I/O drawer attached, a problem was fixed that caused the system to crash with SRC B170E540 after a warm boot or platform dump IPL.
• On systems running a virtual I/O (VIO) partition, or using a Shared Ethernet Adapter (SEA), a problem was fixed that caused a severe performance degradation.
• On system using the utility capacity on demand (COD) feature, a problem was fixed that prevented the hypervisor from correctly crediting the time used when the sequence number of the activation code reached certain values.
  
• On systems with an iSCSI network, a problem was fixed that caused the system to hang when booting from an iSCSI device in the system management services (SMS) menus.
• On systems with an iSCSI network, when booting a logical partition using that iSCSI network, a problem was fixed that caused the iSCSI gateway parameter displayed on the screen to be incorrect.  It did not impact iSCSI boot functionality.
• On systems using fibre channel adapters, the firmware was enhanced by the addition of a new option in the system management services (SMS) Mutliboot menu that facilitates zoning of physical and virtual fibre channel adapters.
• On systems with external I/O drawers, the firmware was enhanced such that SRCs 10001B02 and 1000911C place a call home.
• On systems with external InfiniBand or PCI-E drawers or towers, a problem was fixed that caused the system to crash with SRC B7000103 if the I/O hub adapter crashed at the same time an external drawer or tower was being initialized.